Kiteworks, which delivers data privacy and compliance for sensitive content communications through its Private Content Network, unveiled today its 2024 Sensitive Content Communications Privacy and Compliance Report, offering critical insights into the current state of sensitive content communications. The report, based on a comprehensive survey of 572 IT, security, risk management, and compliance leaders, reveals significant vulnerabilities and challenges faced by organizations in managing and securing their sensitive information.
Among the key findings, the report highlights significant global challenges in managing sensitive content communications. When data is sent or shared externally, 57% of global respondents said they cannot track, control, and report on these activities. Not surprisingly, compliance reporting is a major challenge, with 34% of respondents generating audit log reports over eight times per month to satisfy internal and external compliance requests. This frequent reporting requirement reflects the ongoing struggle to meet stringent regulatory demands.
Tim Freestone, Chief Strategy and Marketing Officer at Kiteworks, emphasizes the urgency of addressing these vulnerabilities: “Our report uncovers significant gaps that organizations must address to protect their sensitive content and comply with increasingly stringent regulations. The insights provided are a call to action for businesses to re-evaluate their content communication strategies and invest in robust security solutions.”
Proliferation of Content Communication Tools Leads to Risks
The 2024 Kiteworks report highlights significant shifts and ongoing challenges in the use of content communication tools. Nearly one-third of respondents said their organizations rely on six or more content communication tools. Managing this tool soup decreases operational efficiency and makes it difficult to generate consolidated audit logs.
Preventing leaks of intellectual property (IP) and sensitive secrets is a top priority for 56% of respondents, underscoring the critical importance of protecting valuable information assets.
Impact of Data Breaches
32% of organizations reported experiencing seven or more sensitive content communications breaches last year. This is a slight improvement from 2023. However, 9% of respondents globally admitted they do not know if their sensitive content was breached, indicating a significant gap in advanced security detection and incident response capabilities.
The legal costs associated with data breaches remain high, with 8% of organizations incurring over $7 million in legal fees last year, and 26% reporting costs exceeding $5 million. Larger organizations, especially those with over 30,000 employees, faced even higher costs, with 24% reporting legal fees over $7 million.
Organizations Struggle to Manage Third-party Risk
Managing third-party risk continues to be a significant challenge for organizations worldwide.
A concerning 39% of organizations globally are unable to track and control access to sensitive content once it leaves their domain. This issue is particularly pronounced in the EMEA region, where 43% of organizations admit to losing the ability to track and control access to more than half of their sensitive content once it is shared externally.
Compliance Challenges Persist for Sensitive Communications
This year, 56% of organizations indicated that they require some improvement in compliance management, a significant increase from 32% in 2023. This growing concern reflects the increasing complexity and stringency of regulatory requirements.
Risk and compliance leaders pinpointed GDPR as their biggest compliance focus (52%). IT leaders, in contrast, listed U.S. State data privacy laws as their top priority (52%).
Notable compliance gaps persist across various industries. For example, only 38% of security and defense contractors prioritize CMMC compliance, which poses a significant risk given the impending enforcement of CMMC 2.0. These gaps highlight the critical need for organizations to prioritize and invest in robust compliance strategies to address evolving regulatory demands and mitigate associated risks.
The 2024 Kiteworks report highlights an urgent need for organizations to address gaps in sensitive content communications security and compliance. As the threat landscape evolves, it is imperative for businesses to implement robust strategies to protect their sensitive information.
Patrick Spencer, VP of Corporate Marketing and Research at Kiteworks, emphasizes the importance of sensitive content communications privacy and compliance: “The 2024 report exposes critical gaps in how organizations manage and secure their sensitive data. With a significant number of organizations experiencing multiple data breaches and struggling to meet compliance requirements, it is imperative that businesses take proactive steps to fortify their sensitive content communication strategies.”